Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1509915-2)
SAP Support Packages
(SAPK-30006INPE1)
Описание
1. The programs listed in the attached correction instructions contain a vulnerability through which a malicious user can potentially read arbitrary files on the remote server, possibly disclosing confidential information.
2. Some of the programs listed in the attached correction instructions contain a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or altering system behaviour.
2. Some of the programs listed in the attached correction instructions contain a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or altering system behaviour.
Как исправить
See Note 1497003 for additional information and instructions. You must implement the corrections from Note 1497003 before you implement this note.
Logical File Names Used in This Solution
-----------------------------------------
The following logical file names were created to activate the validation of the physical file names:
* /PE2/PMCF_INPUT_FILE
Logical File Paths Used in This Solution
-----------------------------------------
The logical file name mentioned above uses the file path /PE2/PMCF_INPUT_PATH.
Logical File Names Used in This Solution
-----------------------------------------
The following logical file names were created to activate the validation of the physical file names:
* /PE2/PMCF_INPUT_FILE
Logical File Paths Used in This Solution
-----------------------------------------
The logical file name mentioned above uses the file path /PE2/PMCF_INPUT_PATH.
Ссылки